Apple - Catalina Trusted Root CA certificates are revoked - Chrome

I just figured out that macOS Catalina has a limitation on a certificate validity dates (and some other things), a certificate can't have a validity period more than 825 days and my certificate was valid for about 5 years.

So I regenerate my certificate and replace the old one with a certificate that has a smaller validity period and everything is working fine now!


According to apple's support page, a TLS certificate should meet this requirement:

  • The key size must be at least 2048 bits.
  • Hash algorithm must be SHA-2 or newer.
  • DNS names must be in a SubjectAltName, not in the CN field only.

and if certificates are issued after July 1, 2019:

  • The ExtendedKeyUsage extension must be present, with the id-kp-ServerAuth OID.
  • The validity period should be less than 825 days.